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REMARKS/ARGUMENTS 

The Office Action mailed June 23, 2004 has been carefully considered. Reconsideration 
in view of the following remarks is respectfully requested. 

Claim Status and Amendment to the Claims 
Claims 1-71 are now pending. 

Applicants gratefully acknowledge the indication of allowance of claims 52-56. 
Applicants are further grateful for the indication of allowability of claims 6-8, 12-13, 19-21, 25- 
26, 32-34, and 38-39, subject to their re-writing in independent form including all of the 
limitations of the base claim and any intervening claims. 

Regarding Amendments 

Claims 32 and 53 have been amended to correct claim dependencies. The text of claims 
33, 34, 54, and 55 is unchanged, but their meaning is changed because they depend from 
amended claims. 

New claims 57-71 also particularly point out and distinctly claim subject matter regarded 
as the invention. New claims 57-59, 60-61, 62-64, 65-66, 67-69, and 70-71 represent claims 6-8, 
12-13, 19-21, 25-26, 32-34, and 38-39, respectively, written in independent form including all of 
the limitations of the base claim and any intervening claims. 
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The Amendment also contains minor changes of a clerical nature. No "new matter" has 
been added by the Amendment. 

The 35 U.S.C. S 102 Rejection 

Claims 1-2, 14-15 and 27-28 were rejected under 35 U.S.C. § 102(a) as being allegedly 
anticipated by Jacobson et al. ^ ^ This rejection is respectfully traversed. 

According to the M.P.E.P., a claim is anticipated under 35 U.S.C. § 102(a) only if each 
and every element as set forth in the claim is found, either expressly or inherently described, in a 
single prior art reference. 



Claim 1 

Claim 1 recites: 



A method for controlling subscriber access in a network capable of establishing 
connections with a plurality of domains, comprising: 

receiving a communication from a subscriber using a first communication network 

coupled to at least one other communication network, said communication optionally 
including a domain identifier associated with a domain on said at least one other 
communication network; 

determining whether said subscriber is authorized to access said domain based upon said 
domain identifier and a Ust of authorized domains for a virtual circuit used to receive 
said communication; 

authorizing subscriber access to said domain when said domain identifier is included 
in said list. 



' U.S. Patent No. US 6,044,402 to Jacobson et al. 
^ Office Action dated June 23, 2004, ^ 3 . 

^ Manual of Patent Examining Procedure (MPEP) § 2131. See also Verdegaal Bros. v. Union Oil Co. of California, 
814F.2d628, 631, 2 USPQ2d 1051, 1053 (Fed. Cir. 1987). 
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The Examiner states: 

Jacobson teaches a method for controlHng subscriber access in a network capable of 
estabhshing connections with a pluraUty of domains, comprising: 

receiving a communication from a subscriber using a first communication 
network coupled to at least one other conmiunication network (i.e., receiving a packet 
114 transmitted between the protected and remote host computers 104-1 and 104-2), said 
communication optionally including a domain identifier associated with a domain (a 
network header 142 in each packet 114 containing a source address 144, a destination 
address 146 and a transport protocol ID 148 associated with a domain) on said at least 
one other communication network (Jacobson, Fig. 1, C3: L27-56 and CI 1 : LI -41); 

determining whether said subscriber is authorized to access said domain based 
upon said domain identifier and a list of authorized domains for a virtual circuit used to 
received said communication (Jacobson, C15: L66-67 and C16: Ll-21); 

authorized subscriber access to said domain when said domain identifier is 
included in said Hst (Jacobson, CI 8: 1-42-53)."^ 

The Applicants respectfully disagree for the reasons set forth below. 



Contrary to the Examiner's statement, Jacobson et al. does not disclose receiving a 
communication from a subscriber using a first communication network coupled to at least one 
other communication network, said communication optionally including a domain identifier 
associated with a domain on said at least one other communication network. In fact, nowhere 
does Jacobson et al. use the word "domain". In support of the Examiner's contention, the 
Examiner refers in part to the following in Jacobson et al. : 

Each host computer 104 in the network 100 includes a global network address in 
accordance with the network protocol 120 that uniquely identifies it from all other host 
computers in the network. In order to properly route the packets 114 between the host 
computers 104 that are their initial sources and final destinations, a network layer header 
142, as shown in FIG. 3, is attached to each packet by the network protocol stack of the 
host computer that is its source. This is done at the network layer in accordance with the 
network layer protocol 120. 

The network layer header 142 in each packet 114 contains a source address 144, a 
destination address 146, and a transport protocol (i.e., packet type) ID (identifier) 148, as 



^ Office Action H 4. 
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shown in FIG. 3. Thus, the network protocol stack of the initial source of each packet sets 
the source address to be the network address of the initial source and sets the destination 
address to be the network address of the final destination of the packet. And, the network 
protocol stack of the initial source also sets the transport protocol ID to identify the 
transport protocol that is being used in the connection between the client and the server. 

As indicated earlier, the service access address of the host computer 104 that is 
the server in a connection identifies the application layer protocol used in the connection. 
Furthermore, the service access address and the network address of the client in the 
connection identifies one endpoint of the connection and the service access address and 
network address of the server identifies the other endpoint of the connection. Thus, the 
service access addresses and the network addresses of the client and the server comprise a 
connection information set that uniquely identifies the connection, its endpoints, and the 
application layer protocol used in the connection. For example, in the connection of 
FIGS. 4 to 6, the TCP/IP protocol suite may be used so that the network layer protocol is 
the IP protocol and the transport protocol is the TCP protocol. In this case, the cHent 105 
and the server 109 have IP addresses and TCP port numbers that identify the connection, 
its endpoints, and the application layer protocol used in the cormection.^ 

Thus the source address and the destination address included in the packet header 
disclosed by Jacobson et al. are network addresses of individual computers. Neither is a domain 
identifier associated with a domain on the at least one other communication network. And the 
transport protocol ID identifies the transport protocol that is being used in the cormection 
between a client an a server, but does not identify a domain on the at least one other 
communication network. While the source address, destination address, and transport protocol 
taken together may uniquely identify a physical connection between two computers, they are not 
a domain identifier associated with a domain on the at least one other communication network. 



Nor does Jacobson et al. disclose determining whether said subscriber is authorized to 
access said domain based upon said domain identifier and a list of authorized domains for a 



^ Jacobson et al. at col. 1 1 lines 1-41. (emphasis added) 
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virtual circuit used to receive said communication. In support of the contention that Jacobson et 
al discloses this element, the Examiner refers to the following in Jacobson et al. : 

Furthermore, the blocking data structure 192 includes a network address access 
list 212 that identifies the network address access policy for all of the protected host 
computers 104-1 that have been assigned the restricted mode. As shovra in FIG. 13, the 
network address access list is a list of the network addresses of the protected and remote 
host computers 104-1 and 104-2 for which a connection will only be allowed if it has an 
endpoint at one of these host computers and an endpoint at one of the protected host 
computers that has been assigned the restricted mode. 

Therefore, for each packet 114 from which a connection information set has been 
obtained, the blocking controller 170 determines whether to block the connection based 
on the connection information set and the blocking data structure 192. This is done in the 
following manner using the blocking mode table 200, the network address block list 202, 
the remote and local protocol block Usts 204 and 206, the override table 208, the override 
protocol lists 210, and the network address access Hst 212 of the blocking data structure 
and the source and destination network addresses and the source and destination service 
access addresses 124 and 126 in the connection information set.^ 



Thus, Jacobson et al. teaches determining whether to block a connection based upon the 
network addresses of two endpoints, and a blocking mode table, a network address block list, 
remote and local protocol block lists, an override table, override protocol lists, and a the network 
address access list of the blocking data structure and the source and destination network 
addresses and the source and destination service access addresses, Jacobson et al. does not teach 
determining whether a subscriber is authorized to access a domain, nor does Jacobson et al. does 
teach making the determination based upon both (1) a domain identifier and (2) a list of 
authorized domains for a virtual circuit used to received said communication as required by 
claim 1. 



^ Jacobson et al. at col. 15 line 66 to col. 15 line 21. (emphasis added) 
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Nor does Jacobson et aL disclose authorizing subscriber access to said domain when said 
domain identifier is included in said list. The argument made above with respect to the 
"determining" element is applicable here as well. Jacobson et al. does not teach determining 
whether a subscriber is authorized to access a domain based upon a domain identifier and a list of 
authorized domains for a virtual circuit used to receive a communication. Thus, Jacobson et aL 
cannot teach using the result of such a determination to authorize subscriber access. 

For the above reasons, the 35 U.S.C. § 102 rejection of claim 1 is unsupported by the art. 
Thus, no prima facie case of obviousness has been estabhshed and the 35 U.S.C. § 102 rejection 
should be withdrawn. 

Claim 2 

Claim 2 depends from claim 1. Claim 1 being allowable, claim 2 must be allowable for 
at least the same reasons. 

Claims 14-15 

Claims 14-15 are program storage device claims corresponding to method claims 1-2. 
Claims 1-2 being allowable, claims 14-15 must be allowable for at least the same reasons. 

Claims 27-28 

Claims 27-28 are means-plus-function claims corresponding to method claims 1-2. 
Claims 1-2 being allowable, claims 27-28 must be allowable for at least the same reasons. 
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The 35 U.S.C. $ 103 Rejection 

Claims 3-5, 9-11, 16-18, 22-24, 29-31, 35-37 and 40-51 were rejected under 
35 U.S.C. § 103(a) as being allegedly unpatentable over Jacobson et al. in view of 
Loehndorf, Jr. et al7 . among which claims 40 and 46 are independent claims.^ This rejection is 
respectfully traversed. 

According to the Manual of Patent Examining Procedure (M.P.E.P.), 

To establish a prima facie case of obviousness, three basic criteria must be met. First 
there must be some suggestion or motivation, either in the references themselves or in the 
knowledge generally available to one of ordinary skill in the art, to modify the reference 
or to combine reference teachings. Second, there must be a reasonable expectation of 
success. Finally, the prior art reference (or references when combined) must teach or 
suggest all the claim limitations. The teaching or suggestion to make the claimed 
combination and the reasonable expectation of success must both be found in the prior 
art, not in the applicant's disclosure.^ 

Claim 3 recites: 

The method of claim 1 wherein said communication comprises a Point-to-Point Protocol 
(PPP) session. 

Claim 4 recites: 

The method of claim 3 wherein 
said PPP session comprises a tunneling session; 
said determining further comprises assigning a tunnel ID; and 
said PPP session is forwarded onto a tunnel associated with said tunnel ID when said 
subscriber is authorized to access said domain. 



Specifically, the Office Action contends that the elements of the presently claimed 
invention are disclosed in Jacobson et al. except that Jacobson et al. does not teach said 
communication comprises a Point-to-Point Protocol (PPP) session, which in turn comprises a 



'U.S. Patent No. 6,094,437. 
^Office Action 11 9. 
^M.P.E.P§2143. 
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tunneling session and said PPP session is forwarded onto a tunnel associated with an assigned 

tunnel K) when said subscriber is authorized to access said domain. The Office Action further 

contends that Loehndorf, Jr. et al. teaches: 

... the Point-to-Point Protocol (PPP) has been standardized by the Litemet Engineering 
Task Force (IETF) to be used to allow Internet Protocol (IP) and other protocols (such as 
IPX, XNS, AppleTalk, etc.) to be sent over non-IP mediums such as the Public Switched 
Telephone Network (PSTN), ATM, Frame Relay, SONET, etc. in Internet 
communications. Loehndorf also teaches the IETF developed the L2TP (Layer Two 
Tunneling Protocol) to allow the PPP session to be tunneled over the Internet by 
establishing the tunnel using a tunnel ID (i.e., forwarding PPP session onto a tunnel 
associated with an assigned tunnel ID) (Loehndorf, CI: L43 - C3: L25 and CI 1: L36- 
67).^^ 

The Office Action further contends that it would be obvious to one having ordinary skill in the 
art at the time of the invention to forward a PPP session onto a tunnel associated with an 
assigned tunnel ID when said subscriber is authorized to access said domain since such methods 
were conventionally employed in the art to securely send data between networks and to provide 
needed and improved functionality.^^ The Applicants respectfully disagree for the reasons set 
forth below. 



Claims 3-5 and 9-1 1 depend from claim 1 and thus include the limitations of claim 1. 
The arguments made above with respect to claim 1 apply here as well. The 35 U.S.C. § 102 
rejection of claim 1 based on Jacobson et al. is unsupported by the art, as each and every element 
as set forth in claim 1 is not found in Jacobson et al. Therefore, the 35 U.S.C. § 103 rejection of 
dependent claims 3-5 and 9-1 1 based on Jacobson et al. in view of Loehndorf, Jr. et al. is also 



Office Action H 10. 
Office Action II 10. 
Office Actional 10. 
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unsupported by the art. Thus, no prima facie case of obviousness has been established and the 35 
U.S.C. § 103 rejection should be withdrawn. 

Claims 16-18 and 22-24 

Claims 16-18 and 22-24 are program storage device claims corresponding to method 
claims 3-5 and 9-11, respectively. Claims 3-5 and 9-1 1 being allowable, claims 16-18 and 22-24 
must be allowable for at least the same reasons. 

Claims 29-31 and 35-37 

Claims 29-31 and 35-37 are means-plus-function claims corresponding to method claims 
3-5 and 9-11, respectively. Claims 3-5 and 9-1 1 being allowable, claims 29-31 and 35-37 must 
be allowable for at least the same reasons. 

Claims 40-51 

Claims 40-51 are access server claims including limitations similar to method claims 3-5 
and 9-1 1 . Claims 3-5 and 9-1 1 being allowable, claims 40-51 must also be allowable for at least 
the same reasons. 

In view of the foregoing, it is respectfully asserted that the claims are now in condition 
for allowance. 
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Conclusion 

It is believed that this Amendment places the above-identified patent application into 
condition for allowance. Early favorable consideration of this Amendment is earnestly solicited. 

Allowable Subject Matter 

The Examiner is thanked for the allowance of claims 52-56, and for the finding of 
allowable subject matter in claims 6-8, 12-13, 19-21, 25-26, 32-34, and 38-39 if rewritten in 
independent form including all of the limitations of the base claim and any intervening claims. 
New claims 57-59, 60-61, 62-64, 65-66, 67-69, and 70-71 represent claims 6-8, 12-13, 19-21, 25- 
26, 32-34, and 38-39, respectively, written in independent form including all of the limitations of 
the base claim and any intervening claims. Applicants acknowledge the Examiner's statement of 
reasons for allowance as set forth in the Office Action. However, Applicants point out that the 
reasons for allowability of the above referenced claims are not limited to the reasons for 
allowance as set forth in the Office Action, and that additional reasons for allowability may exist, 
each of which may be independently sufficient to estabUsh the patentability of one or more 
pending claims. 

Applicants respectfiilly reserve the right to introduce, articulate, or otherwise comment on 
any such additional reasons for allowance as may be appropriate in any future proceedings 
concerning the claimed invention. 
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Information Disclosure Statement 

An Information Disclosure Statement was submitted on February 14, 2000. Although the 
Examiner signed and retumed copies of PTO Form 1449, the Examiner's initials are missing 
from entry "AA" on PTO Form 1449 page 2 of 2. Applicant hereby respectfully requests full 
acknowledgment of the reference cited in the EDS. 

Attached herewith is a copy of the retumed PTO Form 1449 filed on February 14, 2000. 
Please send the PTO form 1449 with the Examiner's signature beside all cited references. 

If, in the opinion of the Examiner, an interview would expedite the prosecution of this 
application, the Examiner is invited to call the undersigned attorney at the number indicated 
below. 
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Applicant respectfully requests that a timely Notice of Allowance be issued in this case. 
Please charge any additional required fee or credit any overpayment not otherwise paid or 
credited to our deposit account No. 50-1698. 



Dated: September 23, 2004 



Thelen Reid & Priest LLP 
P.O. Box 640640 
San Jose, CA 95164-0640 
Tel. (408) 292-5800 
Fax. (408) 287-8040 



Respectfully submitted, 



THELEN REID & PRIEST, LLP 




John P. Schaub 
Reg. No. 42,125 
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